I have moved this to Xfce section as these are the people that should know about it, but fwiw my Main Edition Maya doesn't even have a file/folder called /usr/lib/codecs but that may be something to do with the no codec version, not sure (neither does it have any viruses - I just did a full scan).

I suggest in the meantime you copy the name of one of these supposed viruses and google it along with the word clamav. It is probably a false positive, but that is the only way to find out.

That is very odd.Those appear to be Windows related? (Win32).Why would they be in a 'virgin' install???I am not running Mint 13 XFCE, I am running LMDE XFCE.

Perhaps someone with Mint 13 XFCE could run a ClamAV, and see if they have similar results.I have been running LMDE/XFCE for almost two years and never have seen this. Also almost two years on this forum daily and to the best of my feeble old memory have never seen a real virus reported in Mint.

Well that raises a couple of points I think, the first is that there are many other antivirus solutions for Linux that you are free to use if you think one is better - just google 'antivirus + linux', and the second is that your Linux box doesn't have any viruses - that is because there aren't any, so really unless you are using windows drivers or tools like the OP (who could have a virus in those files, though I doubt it) then all antivirus solutions are a waste of resources - For Now. So why not have the one that uses the least resources - and I am pretty sure that is clamav (because it doesn't do 'real time' scanning like some).

The only reason I have antivirus installed is that I use online banking and some (many perhaps??) banks have a clause written in the small print of their t+c's that says that if you don't have an antivirus product on your computer and you lose money through their online services, they won't compensate you.

You will see that although it is perfectly possible to submit 'false positive' files to clamav for inspection, they will automatically reject anything with the term 'PUA' in it's title as this is not a virus but a 'Potentially Unwanted Application' - they don't go into details on that term though. All the files mentioned in this thread so far are PUA's not viruses.

I believe most of the files mentioned here are 'runtime packers' (except for mercier's which is an embedded javascript script) and I guess that other antivirus solutions are not set up to detect these as they don't consider them malicious. So perhaps clam is doing a more thorough job than some others as it is covering more types of threat than plain viruses. The downside to this is more warnings.

@mercier: you scanned your home folder... Your home folder belongs to you, not to your distrib.

Scanning PUA is for paranoids as it always gather false positives: these softwares/scripts behave like a virus but are seldom true virusses IMHO detection of "broken executables" (--detect-broken=yes) is more accurate.

Edit: Detection of Possibly Unwanted Applications is off by default in clamav.

Edit2: clamav is not a realtime analyzer - unless you use it in combination with your mail server before message delivery. So apart from that, it will never protect you from any incoming virus or "threat".

Edit3: "man clamscan" will show you an ocean of command-line options and what are their defaults. If you use non default switches, then you should expect more false positives and know what to do if it occurs, like scanning with another antivirus in order to confirm or reject.

Not trying to sound condescending, but an antivirus in Linux imho is like wearing a belt and suspenders.I've run 'nix for about 15 years now with zero AV and have suffered no problems virus-wise. If I didn't install it myself from a trusted source, it isn't going to get in.

As for the questionable files found, they're safe. If you remove them you won't be able to watch many video's.

I did a google -"what is PUA.Win32.Packer" and found this:

"PUA detection (Potentially Unwanted Applications) is for detecting files that are packed with packers used by malware or tools that could be used by malware (such as keyloggers, remote admin tools, some scripts, etc.). The problem is that both malware and "good" programs can use the same packers. Many "good" websites also use java scripts and other scripts that are put in your temporary internet folder that will be detected as PUA files. Many businesses use remote administration tools as well.

Since PUA detection is optionally selected by the user, Clam AV (Clam AV furnishes its scan engine and virus signatures toClamWin) does not make any adjustment to its PUA signatures. The PUA.Win32.Packer detections will detect many, many, many, many, many, many, good programs. If you use PUA detection with quarantine, it will quarantine important files in error, and you will not be able to restore them--because it will also quarantine the ClamWin quarantine restore program!

Use ClamWin to detect real viruses--not PUA. One last time... Do not use PUA detection. It is broken! "

Today I have installed Kubuntu to see if I get the same threats in another dristro.It is again a virgin installation and during the scan, I had no threats clamTK. same preference etc.I scan the hole file system again.

I have also tried removing the checkmark in clamTK "enable ekstra scan settings" on my LinuxMint and received no threats during scanning this time. (I scan the hole file system)

ConclusionIt will then say to enable ekstra scan settings in clamTK GUI = PUA threats and as I understandat the forum here is PUA not a threat you have to worry about in Linuxmint.